Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
Home»HACKING NEWS»$ 7.5m kilo X hacking inside
HACKING NEWS

$ 7.5m kilo X hacking inside

By Crypto FlexsJune 15, 20253 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
$ 7.5m kilo X hacking inside
Share
Facebook Twitter LinkedIn Pinterest Email

On April 14, 2025, the KiloEX protocol suffered a loss of $ 7.5 million for significant violations of security. This event comes from the Oracle operation attack and emphasizes the important vulnerabilities of the protocol access control mechanism. Let’s find out what happened and what we can learn.

Root cause

The root of the exploit was the access control of the protocol. MinimalForwardercontract. Contract inherited from Openzeppelin ‘s MinimalForwarderUpgradeable It contains vulnerabilities executeA function that does not correctly check the signature of the data provided.

Trust model

The KiloEX protocol was operated as a complex trust model related to multiple contracts.

  • KilopriceFeed → Goalkeeper
  • Goalkeeper → Position Keeper
  • Position Keeper → Minimum forward
  • Minimum forward → Unlimited access

Critical defects are in the final link of this chain. MinimalForwarder contract I trusted the request that comes in.

Attack vector

The attacker exploited vulnerabilities by producing malicious transactions that detour intended access controls. You just need to offer the attack successfully.

  1. valid from Address (it can be obtained from previous transactions)
  2. valid signature (Also observed in the warm chain data)
  3. All arbitrary to Address (in this case Position keeper))
  4. custom data To run the function

Especially this attack MinimalForwarder The contract was not transparent and could not be found on the BSC or base.

Running attack

The attacker has been exploited through a series of calculated stages.

  1. We manipulated Oracle to lower asset prices.
  2. I opened a long position at an artificially low price.
  3. In order to raise the price, we manipulated Oracle again.
  4. Closed location for significant profits

Influence and meaning

This case reminds me of some important security principles.

  1. Access control is important Even inherited contracts require careful review and potential modifications to meet specific security requirements.
  2. Trust model verification -The complex trust relationship between contracts requires thorough verification at each stage.
  3. Oracle security -The price feed mechanism remains an important attack vector in the Defi protocol.

Evidence

The attack has been run in several chains.

Binance Smart Chain:

base:

Main takeout

  • Always review and test inherited contracts, especially access control mechanisms.
  • For security analysis, you should be able to identify and access contract implementation.
  • It is dangerous to rely on a single access control point. Implement a deep defense.

conclusion

For protocols to prevent similar events:

  1. Implement a strong signature verification in the contract delivery
  2. Keep a clear document on trust relationship between contracts
  3. Regular security audit focused on access control mechanisms
  4. Consider the implementation of the circuit breaker for significant price fluctuations.

This event shows the potential result of overlooking the importance of thorough security and the development of smart contracts.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Encryption Inheritance Update: July 2025

July 29, 2025

Ethena increases by 20% after Arthur Hayes spreads 2m ENA tokens.

July 27, 2025

Wake’s GMX Hacking Analysis and Attack Scenario

July 25, 2025
Add A Comment

Comments are closed.

Recent Posts

Pepescape Crypto Presale Raises $1M As Ethereum Eyes $6K, Community-Owned Exchange Gigacex Unveiled

July 30, 2025

Midl Secures $2.4M Seed Investment From Draper Associates And Draper Dragon To Pioneer Native DApp Infrastructure On Bitcoin

July 30, 2025

LayerBTC starts $ LBTC ICO to power the new Bitcoin Layer 2 for Apps and Defi.

July 30, 2025

Asia Morning Briefing: SEC’s in -kind BTC, ETH ETF reduction shift occurred in Hong Kong a few years ago.

July 30, 2025

XRP Open Interests decrease by $ 2.4B after recent sale

July 30, 2025

Is it really possible to sell Memecoins?

July 29, 2025

Encryption Inheritance Update: July 2025

July 29, 2025

Charting the Course for the Future of Decentralized Platforms

July 29, 2025

Blockchain For Good Alliance Leads Global Digital Cooperation At UN IGF 2025

July 29, 2025

Queens Park Rangers And TokenFi Announces New Partnership

July 29, 2025

Onchain AI Agents Go Live With USDC & Coinbase X402

July 29, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Pepescape Crypto Presale Raises $1M As Ethereum Eyes $6K, Community-Owned Exchange Gigacex Unveiled

July 30, 2025

Midl Secures $2.4M Seed Investment From Draper Associates And Draper Dragon To Pioneer Native DApp Infrastructure On Bitcoin

July 30, 2025

LayerBTC starts $ LBTC ICO to power the new Bitcoin Layer 2 for Apps and Defi.

July 30, 2025
Most Popular

How Kraken HR uses AI for hiring Super shower and employee experience

April 9, 2025

Coinbase CEO Brian Armstrong is called ‘Bitcoin’.

March 4, 2025

SEC Sues Consensys Over MetaMask Swap and Staking Service

June 28, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.